What GPO should I apply to a secure kiosk machine in Win 7 for Steady State

I had XP machines set up with Steady State, but I've upgraded to Windows 7. They're bound to our domain and I'd like to set some group policy to ensure that no data is saved to the machine after a domain user logs off.

What policy should I apply to accomplish this?

GOALS:

No Viruses (Running SAV)

Users need to sign on once (kiosk style) with their domain credentials.

No third party utilities (I'd like to avoid things like sandboxie and deepfreeze)

They need to access 3 webpages only (don't need to limit, but might help stave off viruses)

Make a normal user & because W7 doesn't allow them to run anything because of UAC they can't install anything.
Now, comes the point of saving data, if you want you can login the user first time & rename his profile folder like User_Old. This way when the actual user logs on he gets Temp profile. So when he logs off all his data is deleted & the computer is back in old shape.

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.